Apparatus and method for managing traffic using VID in EPON

ABSTRACT

An apparatus and method for managing traffic using a VID in EPON are provided. The apparatus includes a MAC lookup table, a service classification policy table, a service control policy table, a MAC lookup unit, a first and second classification module, a VID learning unit and a first and second service control module. The apparatus classifies all packets of up/downlink transmission flow using a VID into a VID unit, through the first and second classification modules and manages traffic thereof according to the parameters thereof through the first and second service control modules. Accordingly, a large amount of traffic for numerous subscribers and services thereof, which was cannot be processed by the limitation on embodying a typical switch or router, can be processed according to the present invention.

CLAIM OF PRIORITY

This application claims the benefit of Korean Patent Application No.2005-119917 filed Dec. 8, 2005, and Korean Patent Application No.2006-71527 filed on Jul. 28, 2006, in the Korean Intellectual PropertyOffice, the disclosure of which is incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an Ethernet passive optical network(EPON), more particularly, to an apparatus and method for managingtraffic according to subscribers, subscriber's services, and servicesusing VLAN identification (VID) in EPON.

2. Description of the Related Art

As the next generation of an access network technology for providingfiber to the home (FTTH) and a communication and broadcasting mergedservice, a passive optical network (PON) technology was introduced.According to the PON technology, it can advantageously provide abroadband service that can accommodate voice, data and broadcasting inan access network, which was indicated as a bottleneck region.Therefore, it expects that the PON technology will be widely used forconstructing a digital home. Relatively, 802.3ah EFM (Ethernet in theFirst Mile) study group was organized under a Working Group of IEEE 802LAN/MAN standard committee, and defines EPON standard. Recently, the EFMdefines an access network technology that uses three wired lines, forexample, a Point-to-Point copper line, a Point-to-Point optical cable, aPoint-To-Multipoint optical cable. The goals of EPON, which is thePoint-to-Multipoint optical cable transmission technology, are 1Giga-bit transmission speed, 1:16, and 10/20 Km transmission. The EPONis a shared-type optical access network that dose not require activeelements such as a repeater and an amplifier of external device,minimizes the optical cable, and reduces the number of optical ports ina central office, thereby allowing affordable management. The EPON isone type of PON based on Ethernet technology.

In a conventional Ethernet protocol, a shared media connection and apoint-to-point connection are only considered. On the contrary, in theEPON, a tree structure of distributed topology is formed by connecting aplurality of optical network units (ONU) or optical network terminals(ONT) to single optical link termination (OLT) based on a TDMA scheme.The ONT can be distinguished from the ONU in a view of providing a meanof directly connecting a service application terminal of a user.However, the function of the ONT is identical to that of ONU in theEPON. In the present invention, the ONU and the ONT are notdistinguished. The ONU and the ONT can provide interfaces for connectingvarious application devices.

The EFM introduces a multi-point control protocol (MPCP) that controlsthe EPON in a MAC control layer.

In downlink channel, EPON always transfers Ethernet frames transmittedfrom an OLT to all of ONUs through a splitter. On the contrary, only OLTreceives frames transmitted from one ONU in the uplink channel.Therefore, other ONUs cannot be aware of the uplink frames. That is, aproblem is arisen because the EPON structure does not have a LANcharacteristic using a shared medium. Accordingly, the MPCP provides apoint-to-point emulation function from an ONU to other ONUs and apoint-to-point communication function from an OLT to an ONU using alogical link identifier (LLID). The LLID can be allocated one or morethan two for each ONU.

A time division multiple access (TDMA) is provided for an uplinkchannel. When an ONU transmits an Ethernet frame to an OLT, a collisionof traffic may occur because a plurality of ONUs can transmit frames atthe same time. In order to avoid such a collision, the MPCP provides amethod of sharing the uplink channel through the TDMA.

Topological downlink traffic in the EPON can be listened by other ONUs.Also, the resource of uplink traffic can be accessed by unauthorizedONUs. Since the confidentiality of information must be provided to asubscriber and a protection service of contents and a billing servicemust to be provided to a service provider, the EPON must guarantee theintegrity of subscriber traffic, and must block the access ofunauthorized device and subscriber.

It is very important issue to manage subscriber traffic in acommunication field. Many related technologies have been introduced. Ingeneral, data traffic is classified based on a given profiles accordingto a management purpose, and a policy is performed using the result ofclassification. The classification and the policy are generallyperformed in a L2 switch or a L3 router. Also, the packet header isinspected for the data packet classification and a matching condition isfound. If a packet having a given condition is found, it is processedaccording to a given policing rule. A rule table stores rules accordingto the conditions. Generally, the switch and router manages server tensto hundreds rule tables.

FIG. 1 is a block diagram illustrating a point-to-multi-point mode EPONsystem according to the related art.

Referring to FIG. 1, in the EPON system, one optical link terminal (OLT)is connected to a plurality of ONUs through a splitter in apoint-to-multipoint structure. A downlink transmission from the OLT tothe ONU/ONTs and an uplink transmission from the ONU/ONTs to the OLT areperformed based on a single transmission module that uses differentwavelengths.

In order to control traffic from a switch of an OLT to subscriberdevices connected to each port of ONU/OLT in the point-to-multipointEPON, the switch of the OLT must provide a corresponding policyaccording to a subscriber, and a subscriber service, and a method ofclassifying traffic to provide the policy.

It is common to use a VID for classifying a subscriber and a subscriberservice in an OLT upper layer which is a link termination device when aL2 switch or a L3 router is used in the EOPN. In this case, no method isprovided for classifying subscribers connected to each ONU and a servicethereof at the same time and managing them. Also, it is very difficultto manage traffic from the router to the devices connected to aplurality of ONUs due to a VID number limitation, in which the VISnumber is limited to 4096.

If there are numerous subscribers and services thereof in the EPON, itis impossible to manage the traffic thereof due to the limitation of therule table provided in the switch or the router. Therefore, it requiresan additional apparatus for managing traffic from the switch or therouter having insufficient classification and policy tables to an OLTMAC in order to simultaneously manage the subscriber and the servicethereof.

As a related conventional technology, a traffic management apparatus forprocessing traffic according to a predetermine rule without usingadditional rule tables was introduced in U.S. Pat. No. 6,930,978. Thetraffic management apparatus measures the input data traffic. If themeasured input data traffic is higher than a predetermined thresholdvalue, the traffic management apparatus drops the input data traffic. Onthe contrary, if not, the traffic management apparatus transfers theinput data traffic to a system. As described above, the trafficmanagement apparatus can guarantee the smooth operation of the system byproviding data to the system not to exceed the threshold value. However,the traffic management apparatus cannot variously and effectively managetraffic.

As another related conventional technology, a switch for controlling arule table in real time using a CPU was introduced in U.S. Pat. No.6,091,725. Although the switch can manage traffic in a flow unit bydynamically processing input data using the CPU and a switch, the highspeed operation is impossible because of using the CPU.

As further another related conventional technology, an apparatus forintegrally managing all policies through an additional policy service ina network without using a rule table was introduced in U.S. Pat. No.6,286,052. The apparatus allows a network manager to integrally controldata flows by distributing policy servers and flow informationcomponents and exchanging information using flow management sessions.However, it is impossible to variously and effectively manage thetraffic according to subscriber and services thereof.

SUMMARY OF THE INVENTION

The present invention has been made to solve the foregoing problems ofthe prior art and it is therefore an object of certain embodiments ofthe present invention to provide an apparatus and method for managingvarious traffics according to a subscriber, a subscriber service and aservice using a VID between a switch in an OLT and a MAC in EPON.

According to an aspect of the present invention, there is provided anapparatus for managing traffic using a VID of an Ethernet passiveoptical network (EPON), including: a MAC (media access control) lookuptable for matching VIDs to be used in an EPON according to a MAC addressand managing them; a service classification policy table for storing aservice classification reference according to a service controlparameter per a VID; a service control policy table for storing aservice policy to be provided according to a service classified in theservice classification policy table; a MAC lookup unit for looking up aVID corresponding to a MAC address of a downlink packet with referenceto the MAC lookup table if the downlink packet inputs; a first serviceclassification module for classifying a VID service class of thedownlink packet with reference to the service classification policytable based on the looked-up VID from the MAC lookup unit; a VIDlearning unit for learning a VID through a packet frame of an uplinkpacket and updating the MAC lookup table; a second serviceclassification module for classifying a VID service class of an uplinkpacket with reference to the service classification policy table; and asecond service control module for requesting a service according to theclassified VID service class from the second service classificationmodule in an uplink transmission flow.

According to another aspect of the present invention, there is provideda method for managing traffic using a VID of an EPON (Ethernet passiveoptical network) that manages traffic of an uplink/downlink transmissionflow between a switch of an OLT (optical link termination) and a MAC(media access control), including the steps of: a) setting a MAC (mediaaccess control) lookup table for matching VIDs to be used in an EPONaccording to a MAC address and managing them, a service classificationpolicy table for storing a service classification reference according toa service control parameter per a VID, and a service control policytable for storing a service policy to be provided according to a serviceclassified in the service classification policy table; b) searching anallocated VID by looking up the MAC lookup table based on a MAC addressof an input packet; c) classifying a service class corresponding to asearched VID with reference to the service classification policy table;and d) controlling a service of the input packet by finding a servicecontrol policy corresponding to the classified service class withreference to the service control policy table.

It is to be understood that both the foregoing general description andthe following detailed description of the present invention areexemplary and explanatory and are intended to provide furtherexplanation of the invention as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and other advantages of thepresent invention will be more clearly understood from the followingdetailed description taken in conjunction with the accompanyingdrawings, in which:

FIG. 1 is a block diagram illustrating a point-to-multi-point mode EPONsystem according to the related art;

FIG. 2 is a block diagram illustrating an apparatus for managingtraffics using a VID of an EPON according to an embodiment of thepresent invention;

FIG. 3 is a block diagram illustrating a service classification policytable for classifying traffic by a service according to an embodiment ofthe present invention;

FIG. 4 is a block diagram illustrating a service control policy tablefor controlling a classified traffic by a service according to anembodiment of the present invention;

FIG. 5 is a block diagram illustrating a service control policy tablefor controlling a classified traffic by a service according to anotherembodiment of the present invention;

FIG. 6 is a block diagram illustrating a service control policy tablefor controlling a bandwidth by a subscriber;

FIG. 7 is a flowchart illustrating a traffic managing method using a VIDaccording to an embodiment of the present invention;

FIG. 8 is a block diagram illustrating a structure of a traffic managedpacket according to an embodiment of the present invention; and

FIG. 9 is a flowchart illustrating a method for classifying a servicebased on a VID.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The present invention will now be described more fully hereinafter withreference to the accompanying drawings, in which preferred embodimentsof the invention are shown.

FIG. 2 is a block diagram illustrating an apparatus for managingtraffics using a VID according to an embodiment of the presentinvention.

Referring to FIG. 2, the apparatus for managing traffics using a VIDaccording to the present embodiment includes a MAC lookup table 15, aservice classification policy table 20, a service control policy table25, a MAC lookup module 30, a first service classification module 35, afirst service control module 40, a VID learning module 50, a secondservice classification module 55, and a second service control module60. The MAC lookup table 15 stores a VLAN identification (VID) of anuplink/downlink transmission flow related to a corresponding addressesper each MAC address. The service classification policy table 20 storesa service classification policy which is a reference to classify serviceclasses of uplink/downlink transmission flows per each VID. The servicecontrol policy table 25 stores a service control policy of each serviceclass classified at the service classification policy table 20. The MAClookup module 30 searches a VID of a corresponding uplink transmissionflow corresponding to the MAC address by looking up the MAC lookup data15 using a destination MAC address of a downlink packet. The firstservice classification module 35 classifies the downlink packet by aservice class with reference to the service classification policy table20 based on a service parameter obtained from a header of an inputdownlink packet and the looked up VID from the MAC lookup module 30 whenthe uplink transmission flow. The first service control module 40obtains a service policy corresponding to the service class classifiedin the first service classification module 35 when the downlinktransmission flow, and controls a service of a downlink according to theobtained service policy. The VID learning module 50 updates the MAClookup table 15 by looking up a VID according to a MAC address through apacket frame of an uplink packet. The second service classificationmodule 55 classifies a service class of a corresponding uplinktransmission flow based on the header information of a correspondinguplink packet and the VID of a corresponding uplink packet in the uplinktransmission flow. The second service control module 60 controls aservice for a corresponding uplink packet according to a classifiedservice class in the second service classification module 55 in theuplink transmission flow.

The traffic managing apparatus further includes a first buffer 55 a anda second buffer 55 for storing and providing corresponding downlink anduplink packet header information required in service classification ofthe first and second service classification modules 35 and 55.

The traffic managing apparatus is disposed between a switch in an OLTand a MAC in EPON, and manages traffic by controlling services foruplink/downlink transmission flows independently from the MAC or theswitch. Accordingly, the traffic managing apparatus includes a switchinterface module 10 and a MAC interface module 45. The switch interfacemodule 10 inputs and outputs the uplink/downlink packet-by cooperatingwith the switch of the OLT, and the MAC interface module 45 inputs andoutputs the uplink/downlink packet by cooperating with the OLT MAC.

The MAC lookup module 30 searches a VID of a packet having acorresponding destination MAC address through looking up a MAC addressstored in the MAC lookup table 15 for an uplink packet to be transmittedto ONU/OLT in EPON.

The learning of VID stored in the MAC lookup table 15 is achieved fromthe relation between a VID and a source MAC address from the uplinkpacket. Such a learning of VID is performed in the VID learning module50 disposed in a side that process an uplink transmission flow.

The MAC lookup table 15 performs operations as follows when the MAClookup table 15 receives a downlink packet from a switch interfacemodule 10 and the downlink packet includes a VID. If a VID of apredetermined MAC address is present in the MAC lookup table, the MAClookup table 15 changes the VID of the input downlink packet to alooked-up VID from the MAC lookup table. If the VID of predetermined MACaddress is not present in the MAC lookup table, the VID of the inputdownlink packet is sustained. On the contrary, if the input downlinkpacket does not include the VID and the corresponding VID is not presentin the MAC lookup table, the MAC lookup table 15 attaches a default VIDto the input downlink packet.

The first and second service classification modules 35 and 55 classify aservice class of a transmission flow according to a same classificationpolicy stored in the service classification policy table 20, therebyproviding constant services to a same subscriber and a same service inan uplink and downlink transmission.

In more detail, the service classification policy table 20 storesservice classification policies depending on service control parametersof L2, L3 and L4 per each VID, such as L2 MAC source address anddestination address, 802.1p priority information, L3 ToS, DSCP and L4TCP/UDP source port and destination port. The service classificationpolicy table 20 also stores service classification polices according towhether 802.1ad C-VLAN, or S-VLAN is applied or not.

Referring to Table in FIG. 3, an entry denotes a VID. The Table provides256 entries for each of the uplink and downlink. The bit of each entrydenotes whether each service control parameter is activated or not. TheTable further includes a class pointer that denotes an address value ofthe service control policy table 25 corresponding to a service classobtained as the final result of service classification per each entry.

The first and second service classification modules 35 and 55 classifythe service class of the input packet with reference to the serviceclassification policy table 20. The first and second serviceclassification modules 35 and 55 performs the service classificationusing the corresponding service control parameter according to whethereach service control bit of an entry of a VID of a corresponding packetis activated or not. After classification, the first and second serviceclassification modules 35 and 55 obtain one level value among setlevels.

The service class classification operation by the first and secondservice classification modules 35 and 55 is shown in FIG. 9 in detail,and will be described in later.

Afterward, the first and second service control modules 40 and 60control services according to a service class classified according tothe uplink and downlink packet. That is, the first and second servicecontrol modules 40 and 60 perform a rate limiting operation forcontrolling a bandwidth, a 802.1p priority marking/re-marking operationfor controlling priorities, a 802.1Q, 802.1ad VAN tagging/detaggingoperation, and a shaping operation for each uplink/downlink transmissionflow according to the classified service class. Herein, each controlvalue is obtained with reference to parameters in the service controlpolicy table 25.

For example, if a predetermined class point value of the service policytable 25 is assigned for the uplink or downlink flow by the first andsecond service classification modules 35 and 55, the first and secondservice modules 40 and 60 control the bandwidth and priority of acorresponding flow using the control value described in thecorresponding class pointer.

FIGS. 4 and 5 show the service policy table 25 according to anembodiment of the present invention.

Referring to FIGS. 4 and 5, the entry in the service policy table 25denotes a service class, and is indicated by the class point. Each entrydescribes a service control policy applied to a corresponding serviceclass. For example, a priority policy and a VLAN policy are described asshown in FIG. 4, or a bandwidth policy per a service class is describedas shown in FIG. 5.

Therefore, the first and second service control modules 40 and 60control the priority and/or the bandwidth of a corresponding flow usinga bandwidth control value or a priority control value, which isindicated by a class pointer value assigned by the first and secondservice classification modules 35 and 55.

Furthermore, the service policy table 25, as shown in FIG. 6, caninclude a bandwidth limiting policy according to a user. Herein, theuser may be classified using a relation between a MAC address and a LLIDfrom an OLT MAC.

The VID learning module 50 learns a source MAC address and a VID from aninput uplink packet, and updates the MAC lookup table 15. Furthermore,the VID learning module 50 can allocate an independent VID to asubscriber or a subscriber's service device based on a LLID allocated toan ONU/ONT from the MAC of an OLT, additionally.

In general, an EPON system has a TDMA based point-to-multipointstructure, and allocates one or a plurality of LLIDs to each ONU inorder to identify an ONU by an OLT. However, a switch cannot be aware ofsuch information about the LLID because the LLID is terminated at theOLT. Therefore, the traffic managing apparatus according to the presentembodiment receives a relation of VID and LLID from an OLT MAC, andmanages a service policy table per a subscriber as shown in FIG. 6.

Furthermore, the traffic managing apparatus is disposed between a switchand an OLT MAC and manages traffic. In order to managing the traffic,the traffic managing apparatus includes a switch interface module 10 anda MAC interface module 45. The switch interface module 10 and the MACinterface module 45 support a gigabit media independent interface (GMII)and a reduced GMII (RGMII).

As described above, the traffic managing apparatus according to thepresent embodiment can manage traffic according to a subscriber, asubscriber's service and a service. Also, the traffic managing apparatusaccording to the present embodiment can smoothly classify a large amountof services and control them by managing traffic using the serviceclassification policy and the service control policy.

Herein, the traffic managing apparatus according to the presentembodiment performs a bandwidth limiting operation at a final step forcontrolling services according to each subscriber.

Accordingly, the traffic managing apparatus assigns additional VID to adownlink packet toward a predetermined ONU/ONT according to itsdestination, and manages the traffic according to a policy correspondingto the assigned VID. The packet having a corresponding VID istransferred to a destination ONU/ONT by receiving a predetermined LLIDfrom a MAC.

Furthermore, when a VID of an input packet is transformed to a VID froma lookup table, such a transformation is stored through a table. Such astored transform information is searched for a packet with apredetermined VID, which inputs from an ONU/ONT, and the VID of inputpacket is transformed to a corresponding VID and transferred to anetwork. Therefore, a VID used in an EPON link can be distinguished froma VID used in a network. In other words, an OLT is allowed to control aVID of a packet input from a subscriber in the present embodiment.Therefore, the OLT is allowed to use maximum 4096 VIDs between an ONUconnected thereto and a subscriber's device without limiting the numberof VIDs in a network.

A method for classifying traffic by VID and providing the classifiedtraffic according to an embodiment of the present invention will bedescribed with reference to accompanying drawings, hereinafter.

FIG. 7 is a flowchart showing a traffic managing method according to anembodiment of the present invention. In FIG. 7, a flowchart (a) shows atraffic managing method for a downlink transmission flow, and aflowchart (b) shows a traffic managing method for an uplink transmissionflow.

Referring to the flowchart (a) in FIG. 7, at step S 100, a destinationMAC address of a packet frame is looked up when a downlink packet isreceived from a switch through a GMII/RGMII interface. At step S102, acorresponding VID is searched from the MAC lookup table 15 and thesearched VID is inserted to the received downlink packet. Herein, if aVID corresponding to the MAC address of the input downlink packet issearched from the MAC lookup table 15, it means that there is a VID thatcan be given to a packet having a corresponding MAC address in an EPONregardless of the current VID of the received downlink packet. If theinput downlink packet already has a VID, a destination MAC address of apacket frame is looked up. If the corresponding VID is found from theMAC lookup table 15, the VID in the received downlink packet is replacedwith the found VID. If not, the VID in the received downlink packet issustained.

At step S104, a service class of the received downlink packet isclassified according to a service control parameter and/or a usercontrol parameter with reference to the service classification policytable 2O based on the VID in the downlink packet.

At step S106, a service control policy, for example, bandwidth limiting,and priority control, is obtained corresponding to the classifiedservice class with reference to the service control policy table 25, andthe service is controlled according to the obtained policy.

The traffic managing method for the uplink transmission flow is verysimilar to that for the downlink transmission flow, except a step forlearning a VID.

Referring to the flowchart (b) of FIG. 7, at step S110, if an uplinkpacket inputs, a source MAC address and a VID are learned from a headerof the uplink packet, and the MAC lookup table is updated.

At step S112, a service class of the input uplink packet is classifiedaccording to a service control parameter and/or a user control parameterwith reference to the service classification policy table 20 based onthe VID of the input uplink packet.

At step S114, a service control policy such as controlling a bandwidthand a priority, is obtained based on the classified service class, and atransmission service is controlled for the uplink packet according tothe obtained policy.

FIG. 8 is a diagram illustrating a structure of an uplink/downlinkpacket frame according to an embodiment of the present invention.

Referring to FIG. 8, a destination MAC address denotes a MAC address ofa device in a destination of a data packet, and a source MAC addressdenotes a MAC address of a device that generates a data packet. Also, aMAC address is used as a mean to identify devices related thereto.Furthermore, a length of corresponding packet and an ether-type can beobtained from the uplink frame.

FIG. 9 is a flowchart illustrating a step for classifying a serviceclass based on the VID, such as the steps S104 and S112, in the trafficmanaging method according to an embodiment of the present invention.

Referring to FIG. 9, at steps S901 and S902, if a packet frame inputsafter looking up the VID thereof, header information (ether type) isobtained by parshing the input packet. At steps S903 to S910, acorresponding service class is classified according to the ether type, auser control parameter and a service control parameter of acorresponding VID.

Herein, the user control parameter denotes a major serviceclassification policy. As shown in a table at left upper portion of FIG.9, a major policy of a current service classification is given byassigning an operation type by a user.

That is, it determines whether the input packet is dropped or notaccording to an ether type of the input packet and an operation typefrom a user at step S904 to S906. If it determines to drop the packet,the input packet is dropped at step S907. If not, at steps S908 andS909, a detail service classification is performed using parameterscorresponding to an active control bit according to a service controlbit set to a corresponding VID of the service classification policytable 20.

For example, if an input packet is classified to classify a serviceusing an IP address and a TCP/UDP, and if a TCP/UDP control bit isactivated in a corresponding VID of the service classification policytable 20, a service classification is continuously performed using aTCP/UDP of the input packet, and one value among four service classes isobtained as a final result.

If the classification of the service class is failed according to themethods of the present embodiment, or if the MAC lookup is failed, therelated packets are independently managed as a non-classificationpacket.

As described above, all packets of up/downlink transmission flow areclassified into a VID unit, and the traffic thereof can be managedaccording to the parameters thereof.

Certain embodiments of the present invention provides a method andapparatus for classifying devices and services of subscribers by user'scontrol, allocating an additional VID and managing traffic in a VIDunit. Accordingly, a large amount of traffic for numerous subscribersand services thereof, which was cannot be processed by the limitation onembodying a typical switch or router, can be processed according to thepresent invention.

While the present invention has been described with reference to theparticular illustrative embodiments and the accompanying drawings, it isnot to be limited thereto but will be defined by the appended claims. Itis to be appreciated that those skilled in the art can substitute,change or modify the embodiments into various forms without departingfrom the scope and spirit of the present invention.

1. An apparatus for managing traffic using a VID of an Ethernet passiveoptical network (EPON), comprising: a MAC (media access control) lookuptable for matching VIDs to be used in an EPON according to a MAC addressand managing them; a service classification policy table for storing aservice classification reference according to a service controlparameter per a VID; a service control policy table for storing aservice policy to be provided according to a service classified in theservice classification policy table; a MAC lookup unit for looking up aVID corresponding to a MAC address of a downlink packet with referenceto the MAC lookup table if the downlink packet inputs; a first serviceclassification module for classifying a VID service class of thedownlink packet with reference to the service classification policytable based on the looked-up VID from the MAC lookup unit; a firstservice control module for providing a service of a downlinktransmission flow according to the VID service class classified at thefirst classification module with reference the service control policytable; a VID learning unit for learning a VID through a packet frame ofan uplink packet and updating the MAC lookup table; a second serviceclassification module for classifying a VID service class of an uplinkpacket with reference to the service classification policy table; and asecond service control module for requesting a service according to theclassified VID service class from the second service classificationmodule in an uplink transmission flow.
 2. The apparatus according toclaim 1, further comprising: a switch interface for providing aninterface to cooperate with a switch of an OLT (optical linktermination), transferring a downlink packet inputted from the switch tothe MAC lookup unit, and transferring an uplink packet outputted fromthe second service control module to the switch; and a MAC interface forproviding an interface to cooperate with a MAC layer of an OLT,transferring a downlink packet outputted from the first service controlmodule to a MAC layer, and transferring an uplink packet from a MAClayer to the VID lookup module.
 3. The apparatus according to claim 1,wherein the MAC lookup unit searches a corresponding VID from the MAClookup table based on a destination MAC address of the downlink packetif an input downlink packet includes a VID, changes the VID of thedownlink packet to the searched VID if the corresponding VID is foundfrom the MAC lookup table, or sustains the VID of the downlink packet ifthe corresponding VID is not found from the MAC lookup table.
 4. Theapparatus according to claim 3, wherein the MAC lookup unit adds adefault VID to the downlink packet if a VID corresponding to a MACaddress of a downlink packet inputted from the MAC lookup table.
 5. Theapparatus according to claim 1, wherein the first and second serviceclassification modules classify a service class of an uplink packet anda downlink packet by looking up the service classification policy tablebased on the looked up VID according to a user control parameter.
 6. Theapparatus according to claim 1, wherein the service control parameter ofthe service classification policy table includes at least one of L2 MACsource and destination addresses, 802.1p priority information, L3 ToS,DSCP and L4 TCP/UDP source and destination ports, and whether or notusing 802.1ad C-VLAN and S-VLAN.
 7. The apparatus according to claim 1,wherein the service control policy table includes at least one of abandwidth limiting policy, a priority policy, and a VLAN policyaccording to a service class.
 8. The method according to claim 7,wherein the service control policy table further includes a bandwidthlimiting policy classified according to a subscriber based on a LLID(logical link identification) allocated for classifying a plurality ofONUs (optical network units) or a subscriber by an OLT (optical lineterminal).
 9. A method for managing traffic using a VID of an EPON(Ethernet passive optical network) that manages traffic of anuplink/downlink transmission flow between a switch of an OLT (opticallink termination) and a MAC (media access control), comprising the stepsof: a) setting a MAC (media access control) lookup table for matchingVIDs to be used in an EPON according to a MAC address and managing them,a service classification policy table for storing a serviceclassification reference according to a service control parameter per aVID, and a service control policy table for storing a service policy tobe provided according to a service classified in the serviceclassification policy table; b) searching an allocated VID by looking upthe MAC lookup table based on a MAC address of an input packet; c)classifying a service class corresponding to a searched VID withreference to the service classification policy table; and d) controllinga service of the input packet by finding a service control policycorresponding to the classified service class with reference to theservice control policy table.
 10. The method according to claim 9,wherein the service control parameter of the service classificationpolicy table includes at least one of L2 MAC source and destinationaddresses, 802.1p priority information, L3 ToS, DSCP and L4 TCP/UDPsource and destination ports, and whether or not using 802.1ad C-VLANand S-VLAN.
 11. The method according to claim 9, wherein the servicecontrol policy table includes at least one of a bandwidth limitingpolicy, a priority policy, and a VLAN policy according to a serviceclass.
 12. The method according to claim 9, whrein the service controlpolicy table further includes a bandwidth limiting policy classifiedaccording to a subscriber based on a LLID (logical link identification)allocated for classifying a plurality of ONUs (optical network units) ora subscriber by an OLT (optical line terminal).
 13. The method accordingto claim 9, wherein the VID is independently allocated to eachsubscriber based on a LLID allocated to a plurality of ONU/ONTs, orallocated to a classified service in the service policy table using aservice control parameter of a corresponding packet.
 14. The methodaccording to claim 9, further comprising the step of e) updating the MAClookup table by learning a MAC source address and a VID of a packetframe of a corresponding uplink packet for a uplink transmission flow.15. The method according to claim 9, wherein in the step b), if adownlink packet having a VID inputs, the VID of the downlink packetchanges with the searched VID, the changing relation of the VID isstored in a table, and the downlink packet is transmitted witherreference to the stored changing relation for an uplink packet afterchanging the VID.